oss-sec mailing list archives
Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean
From: "Joshua J. Drake" <oss-sec-addjsif () qoop org>
Date: Tue, 11 Feb 2014 02:05:29 -0600
On Mon, Feb 10, 2014 at 11:32:23PM -0500, cve-assign () mitre org wrote:
> Use CVE-2014-1939.
>
> For example, see:
>
>   https://android.googlesource.com/platform/frameworks/base/+/jb-release/core/java/android/webkit/
>   https://android.googlesource.com/platform/frameworks/base/+/jb-release/core/java/android/webkit/SearchBoxImpl.java
>
> versus:
>
>   https://android.googlesource.com/platform/frameworks/base/+/kitkat-release/core/java/android/webkit/

Thanks for the CVE assignment.

For interested parties, I consider the actual issue to be the use of the unsafe addJavascriptInterface API at all. This happens in BrowserFrame.java (not in SearchBoxImpl.java). See use of the javascriptInterfaces and mJavaScriptObjects variables and the nativeAddJavascriptInterface JNI function.

Joshua